2. Password Management
Password Security
The front line of defense against intruders is the password system.
The password serves to authenticate the ID of the individual who logs on to the system.
The ID determines whether the user is authorized to gain access to the system.
The ID determines the privileges accorded to the user.
The ID is used in what is referred to as discretionary access control: access decisions are made on the basis of who the user is.
3. Example
UNIX Operating System
The user selects a password of up to eight printable characters in length.
This password is converted into a 56-bit value (7 bits per character) that serves as the key input to an encryption routine based on DES.
The DES algorithm is modified using a 12-bit salt value, and the salt is stored in the password file alongside the resulting hash.
The salt ensures that two users who choose the same password get different stored values, so duplicate passwords are not visible in the password file; it also multiplies by 4096 the work an attacker must do to precompute a dictionary of hashed passwords.
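As an added example (not part of the original slides), here is a small model of the UNIX scheme in Python. The 12-bit salt and the eight-character limit are taken from the text above; SHA-256 is an assumption used as a stand-in for the modified DES routine, and the user names and passwords are constructed. It shows why the salt keeps two users with the same password from having identical entries, how much the salt multiplies an attacker's precomputation, and a side effect of the eight-character limit: anything past the eighth character is ignored, so "password1" and "password2" hash identically.

```python
import hashlib
import os

# Traditional UNIX crypt(3) used a 12-bit salt (4096 values) and at most
# eight password characters; both parameters come from the text. The hash
# function below is NOT the modified DES of crypt(3): SHA-256 is an
# assumption used as a stand-in so the example runs without a DES library.
SALT_BITS = 12
MAX_PASSWORD_CHARS = 8


def salted_hash(password, salt):
    """Return 'salt$digest', the form in which a salted hash is stored.

    The salt is kept in the clear next to the digest. It is not a secret:
    its job is to make equal passwords hash differently and to force an
    attacker to recompute any precomputed dictionary once per salt value.
    """
    if not 0 <= salt < 2 ** SALT_BITS:
        raise ValueError("salt must fit in %d bits" % SALT_BITS)
    # crypt(3) ignores characters past the eighth, so we truncate the same way.
    truncated = password.encode("utf-8")[:MAX_PASSWORD_CHARS]
    digest = hashlib.sha256(salt.to_bytes(2, "big") + truncated).hexdigest()
    return "%04d$%s" % (salt, digest)


def new_entry(password, salt=None):
    """Create a password-file entry, drawing a random 12-bit salt unless one is given."""
    if salt is None:
        salt = int.from_bytes(os.urandom(2), "big") % (2 ** SALT_BITS)
    return salted_hash(password, salt)


def verify(password, stored):
    """Re-derive the hash with the salt stored in the entry and compare."""
    salt_text, _ = stored.split("$", 1)
    return salted_hash(password, int(salt_text)) == stored


def duplicate_passwords_visible(entries):
    """Return the users whose stored value is identical to another user's.

    With per-user salts this set is empty even when users share a password,
    which is the 'duplicates are not visible' property the salt provides.
    """
    by_value = {}
    for user, stored in entries.items():
        by_value.setdefault(stored, []).append(user)
    dupes = set()
    for users in by_value.values():
        if len(users) > 1:
            dupes.update(users)
    return dupes


def dictionary_attack_work(dictionary_size):
    """Hashes an attacker must precompute to cover a dictionary for every salt."""
    return dictionary_size * (2 ** SALT_BITS)


if __name__ == "__main__":
    # Constructed sample: alice and bob chose the same password.
    unsalted = {u: salted_hash("s3cret!", 0) for u in ("alice", "bob")}  # fixed salt = no salt
    salted = {"alice": new_entry("s3cret!", 17), "bob": new_entry("s3cret!", 2049)}
    print("duplicates visible without salt:", duplicate_passwords_visible(unsalted))
    print("duplicates visible with salt:   ", duplicate_passwords_visible(salted))
    print("alice verifies:", verify("s3cret!", salted["alice"]))
    print("precomputation for a 10,000-word dictionary:", dictionary_attack_work(10000))
    print("'password1' and 'password2' collide:",
          salted_hash("password1", 5) == salted_hash("password2", 5))
```

Two things worth noticing when running it: the salt does nothing to protect a single weak password (the attacker simply hashes the dictionary with that user's salt), and the eight-character truncation means extra characters add no strength at all, which is one reason modern systems replaced the DES-based scheme with iterated hashes such as those used by crypt's MD5, SHA-512 and bcrypt variants.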
5. 1. User Education
Tell users the importance of hard-to-guess passwords and provide guidelines for selecting strong passwords.
This strategy is unlikely to succeed at most installations, particularly where there is a large user population.
Many users will simply ignore the guidelines, and others may not be good judges of what a strong password is.
6. 2. Computer Generated Password
Computer-generated passwords are reasonably random in nature, so users are generally unable to remember them.
Even when the generated password is pronounceable, users may still have difficulty remembering it.
As a result, many users write it down, which undermines the protection the password was meant to provide.
7. 3. Reactive password Checking
The system periodically runs its own password cracker to find guessable passwords.
If the system finds such a password, it cancels it and notifies the user.
8. 4. Proactive password checking
The user is allowed to select his or her own password.
At the time of selection, the system checks the proposed password: if it is allowable it is accepted, otherwise it is rejected.
9. Components of Good password
As a password is meant to protect access and resources from intruders, it should not be easy for someone else to guess.
Following are some guidelines to make a password more difficult to guess or obtain:
1. The password should be at least eight characters long.
2. It should contain at least three of the following four elements: one or more uppercase letters, one or more lowercase letters, one or more numerals, one or more special characters.
3. It should not consist of dictionary words.
4. It should not be the same as the user's login name.
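The proactive checker described under "Proactive password checking" can be built directly from the four guidelines above. The following Python is an added example, not code from the original slides: it returns the list of guidelines a proposed password violates, so the system can reject it with a reason. The word list is a constructed sample (a real checker would load a full dictionary), and two refinements are assumptions that go slightly beyond the list: common digit-for-letter substitutions are undone before the dictionary check, so "P4ssw0rd" is still treated as "password", and a password that merely contains the login name is flagged as well as one equal to it.

```python
import re

# Constructed word list; a real checker loads a full dictionary (e.g. /usr/share/dict/words).
DICTIONARY = {"password", "welcome", "letmein", "dragon", "monkey", "sunshine", "qwerty"}

MIN_LENGTH = 8          # guideline 1
REQUIRED_CLASSES = 3    # guideline 2: at least three of the four classes below

CHARACTER_CLASSES = {
    "uppercase": re.compile(r"[A-Z]"),
    "lowercase": re.compile(r"[a-z]"),
    "numeral": re.compile(r"[0-9]"),
    "special": re.compile(r"[^A-Za-z0-9]"),
}

# Common digit/symbol-for-letter substitutions. Undoing them is an assumption
# that goes beyond the four guidelines: "P4ssw0rd" is still the word "password".
LEET = str.maketrans("0134@$!", "oleaasi")
NOT_A_LETTER = re.compile(r"[^a-z]")


def character_classes(password):
    """Names of the character classes present in the password."""
    return {name for name, pattern in CHARACTER_CLASSES.items() if pattern.search(password)}


def word_candidates(password):
    """Forms of the password that are compared against the dictionary and the login name."""
    lowered = password.lower()
    unleet = lowered.translate(LEET)
    return {lowered, unleet, NOT_A_LETTER.sub("", lowered), NOT_A_LETTER.sub("", unleet)}


def check_password(password, login_name, dictionary=DICTIONARY):
    """Return the guidelines the password violates; an empty list means it is allowable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    classes = character_classes(password)
    if len(classes) < REQUIRED_CLASSES:
        problems.append("uses only %d of 4 character classes" % len(classes))
    candidates = word_candidates(password)
    if candidates & dictionary:
        problems.append("based on a dictionary word")
    login = login_name.lower()
    if login and any(login in candidate for candidate in candidates):
        problems.append("same as or contains the login name")
    return problems


def is_allowable(password, login_name, dictionary=DICTIONARY):
    """The accept/reject decision the system makes at selection time."""
    return not check_password(password, login_name, dictionary)


if __name__ == "__main__":
    # Constructed proposals for the (constructed) login name "alice".
    for proposal in ("Welcome1!", "P4ssw0rd", "alice", "Password", "Tr0ub4dor&3"):
        verdict = check_password(proposal, "alice")
        print("%-12s %s" % (proposal, "accepted" if not verdict else "rejected: " + "; ".join(verdict)))
```

Returning the list of violations rather than a bare yes/no matters in practice: a checker that silently rejects teaches users nothing, while one that names the rule lets them fix the proposal on the next try.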
10. Operating System Hardening
The OS is the system software that handles input, output, display, memory management and the other core tasks of the computer.
OS examples: Microsoft Windows (95, 98, NT, 2000, ME, XP, Vista, 7, 8), Apple Mac OS, Sun Solaris, UNIX.
A network operating system (NOS) includes additional functions and capabilities to help connect computers and devices such as printers to a LAN.
Examples: Windows Server 2003, Windows Server 2008.
OS vendors do not deliver a secured system; they provide recommendations and some simplified tools and settings to help the administrator secure it.
11. Operating System Hardening cont...
Removing unnecessary applications and utilities, disabling unnecessary services, setting appropriate permissions on files, and updating the OS and application code to the latest version.
This process of securing an OS is known as OS hardening, and it is intended to make the system more secure by reducing what an attacker can reach.
12. Steps for securing a Windows OS
1. Disable all unnecessary services
2. Restrict permissions on files and access to the Registry
3. Remove unnecessary programs
4. Apply the latest patches and fixes
5. Remove unnecessary user accounts and ensure password guidelines are in place
13. Weaknesses of Windows OS
MS Windows is not open source.
A default Windows installation is insecure: it includes hidden administrative shares (such as C$ and ADMIN$), has historically allowed accounts with blank passwords, and offers no protection against known vulnerabilities until it is patched.
It is difficult for an administrator to understand how to properly use and configure the software across the many hardware setups it runs on.
It slows down after running continuously for 24 hours.
Many users do not understand the security risks involved in configuring the system, and the resulting misconfigurations open the door to a range of attacks.
Administrators have less direct control over files.
14. UNIX OS Hardening
The process of securing a UNIX OS to make the system more secure is called UNIX OS hardening.
It means disabling unnecessary services, restricting permissions on files and directories, applying password guidelines, removing unnecessary software, applying patches, and removing unnecessary users.
A UNIX system is very powerful and flexible.
How secure it ends up depends on the skill and knowledge of the system administrator, because so much control is placed in the administrator's hands.
UNIX systems are easier to secure and baseline when they provide a single service or perform a single function, such as acting as an SMTP or web server: fewer components means a smaller attack surface and a clearer picture of what should be running.
15. UNIX OS Hardening cont...
During the installation process it is easy to select which services and applications are placed on the system.
On a UNIX system the process status command, ps, shows which processes, applications and services are running.
An administrator can identify a service by its unique process identifier, or PID.
To stop a running service, the process is identified by its PID and the kill command is used to stop it.
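An added example, not from the original slides, of the ps/kill procedure in Python: it parses the output of ps -eo pid,ppid,user,comm (a constructed listing is embedded so the example runs offline), finds the PIDs of every process belonging to a named service, and sends SIGTERM first, escalating to SIGKILL only for processes still alive after a grace period. The dry_run flag, the sample listing and the process names in it are assumptions for illustration.

```python
import os
import signal
import subprocess
import time

# Constructed sample of `ps -eo pid,ppid,user,comm` output: an SMTP daemon with one
# child and a web server with two worker processes. Nothing here is from a real host.
SAMPLE_PS = """\
  PID  PPID USER     COMMAND
    1     0 root     init
  412     1 root     sshd
  533     1 root     sendmail
  534   533 root     sendmail
  610     1 root     httpd
  611   610 www      httpd
  612   610 www      httpd
  700     1 root     cron
"""


def parse_ps(output):
    """Parse 'pid ppid user comm' rows into dicts, skipping the header line."""
    rows = []
    for line in output.splitlines()[1:]:
        parts = line.split(None, 3)   # the command name may itself contain spaces
        if len(parts) < 4:
            continue
        pid, ppid, user, comm = parts
        rows.append({"pid": int(pid), "ppid": int(ppid), "user": user, "comm": comm})
    return rows


def pids_for_service(rows, name):
    """PIDs of every process whose command name matches the service, lowest PID first."""
    return sorted(row["pid"] for row in rows if row["comm"] == name)


def _alive(pid):
    """Signal 0 checks for existence without affecting the process."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True   # exists, but belongs to another user
    return True


def stop_service(name, ps_output=None, grace_seconds=5.0, dry_run=False):
    """Stop all processes of a service: SIGTERM, then SIGKILL after the grace period.

    Returns the list of (pid, signal name) actions taken. With dry_run=True no
    signal is sent and only the SIGTERM plan is returned, which is what the
    constructed sample exercises; a live run reads the real ps output.
    """
    if ps_output is None:
        ps_output = subprocess.run(["ps", "-eo", "pid,ppid,user,comm"],
                                   capture_output=True, text=True, check=True).stdout
    pids = pids_for_service(parse_ps(ps_output), name)
    actions = []
    for pid in pids:
        actions.append((pid, "SIGTERM"))
        if not dry_run:
            os.kill(pid, signal.SIGTERM)
    if dry_run:
        return actions
    deadline = time.time() + grace_seconds
    for pid in pids:
        while time.time() < deadline and _alive(pid):
            time.sleep(0.1)
        if _alive(pid):              # ignored SIGTERM: escalate
            os.kill(pid, signal.SIGKILL)
            actions.append((pid, "SIGKILL"))
    return actions


if __name__ == "__main__":
    rows = parse_ps(SAMPLE_PS)
    for service in ("httpd", "sendmail", "named"):
        print("%-9s PIDs: %s" % (service, pids_for_service(rows, service)))
    print("plan for httpd:", stop_service("httpd", SAMPLE_PS, dry_run=True))
```

Two caveats a practitioner would add: killing the PID removes only the running instance, so a service that should stay off must also be removed from the startup configuration (the init scripts or service manager units) or it will return at the next boot; and on Linux the comm field is truncated to 15 characters, so very long daemon names need matching on a prefix or on the full command line (ps -o args) instead.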
16. Updates
To the standard user or system administrator there is a constant stream of updates designed to correct problems, replace sections of code, or even add new features to an installed OS.
Vendors typically follow a hierarchy for software updates:
1. Hotfix
2. Patch
3. Service Pack
17. Updates cont...
1. Hotfix
This term is given to a small software update designed to address a particular problem.
Hotfixes are typically developed in reaction to a discovered problem and are produced and released quickly.
2. Patch
This term is given to a more formal, larger software update that may address several or many problems.
Patches often contain improvements or additional capabilities as well as fixes for known bugs.
They are usually developed over a longer period of time.
18. Updates cont...
3. Service Pack
This term is given to a large collection of patches and hotfixes rolled into a single package.
Service packs are designed to bring a system up to the latest known-good level all at once, rather than requiring the user or system administrator to download many separate updates.